Bug 461845 - Clamav out dated
Status: CLOSED DUPLICATE of bug 579370
Product: Fedora EPEL
Classification: Fedora
Component: clamav
el5
All Linux
medium Severity urgent
Assigned To: Steven Pritchard
Fedora Extras Quality Assurance
UpdatePackage
Reported: 2008-09-10 17:40 EDT by Darrick Hartman
Modified: 2010-09-15 03:45 EDT
Doc Type: Bug Fix
: 522157
Last Closed: 2010-09-15 03:45:50 EDT
Description Darrick Hartman 2008-09-10 17:40:09 EDT
Clamav 0.93.X has a security flaw which was addressed by the 0.94 release as noted on the Clamav website http://www.clamav.net

Please upgrade the package to 0.94
Comment 1 Elia Pinto 2009-09-09 10:42:17 EDT
Probably SELinux targeted policy, and SELinux memory check, mitigate this,
but it is necessary to upgrade anyway.
   -------------------------------------------------------------------
    Package   /  Vulnerable  /  Unaffected
   -------------------------------------------------------------------
    clamav       < 0.95.2       >= 0.95.2

Description
===========

Multiple vulnerabilities have been found in ClamAV:

* The vendor reported a Divide-by-zero error in the PE ("Portable
 Executable"; Windows .exe) file handling of ClamAV (CVE-2008-6680).

* Jeffrey Thomas Peckham found a flaw in libclamav/untar.c, possibly
 resulting in an infinite loop when processing TAR archives in clamd
 and clamscan (CVE-2009-1270).

* Martin Olsen reported a vulnerability in the CLI_ISCONTAINED macro
 in libclamav/others.h, when processing UPack archives
 (CVE-2009-1371).

* Nigel disclosed a stack-based buffer overflow in the
 "cli_url_canon()" function in libclamav/phishcheck.c when processing
 URLs (CVE-2009-1372).

Impact
======

A remote attacker could entice a user or automated system to process a
specially crafted UPack archive or a file containing a specially
crafted URL, possibly resulting in the remote execution of arbitrary
code with the privileges of the user running the application, or a
Denial of Service. Furthermore, a remote attacker could cause a Denial
of Service by supplying a specially crafted TAR archive or PE
executable to a Clam AntiVirus instance.
Comment 2 Edward Rudd 2009-11-07 11:15:48 EST
superseded by #532695??
Comment 3 Łukasz Trąbiński 2010-04-16 04:28:12 EDT
oceanic:/etc# freshclam 
ClamAV update process started at Fri Apr 16 10:27:29 2010
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.95.3 Recommended version: 0.96
DON'T PANIC! Read http://www.clamav.net/support/faq
Connecting via w3cache.wsisiz.edu.pl
Downloading main-52.cdiff [100%]
main.cld updated (version: 52, sigs: 704727, f-level: 44, builder: sven)
Connecting via w3cache.wsisiz.edu.pl
WARNING: getfile: daily-9956.cdiff not found on remote server (IP: 213.135.44.126)
WARNING: getpatch: Can't download daily-9956.cdiff from database.clamav.net
WARNING: getfile: daily-9956.cdiff not found on remote server (IP: 213.135.44.126)
WARNING: getpatch: Can't download daily-9956.cdiff from database.clamav.net
WARNING: getfile: daily-9956.cdiff not found on remote server (IP: 213.135.44.126)
WARNING: getpatch: Can't download daily-9956.cdiff from database.clamav.net
WARNING: getfile: daily-9956.cdiff not found on remote server (IP: 213.135.44.126)
WARNING: getpatch: Can't download daily-9956.cdiff from database.clamav.net
WARNING: getfile: daily-9956.cdiff not found on remote server (IP: 213.135.44.126)
WARNING: getpatch: Can't download daily-9956.cdiff from database.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Downloading daily.cvd [100%]
daily.cvd updated (version: 10751, sigs: 52057, f-level: 51, builder: guitar)
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Current functionality level = 44, recommended = 51
DON'T PANIC! Read http://www.clamav.net/support/faq
Database updated (756784 signatures) from database.clamav.net
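
Added example, not part of Comment 3 or of the ClamAV project: a small Python audit that reads freshclam output in the format quoted above and reports an outdated engine, an engine below the advisory's first unaffected version (0.95.2, from Comment 1), and a functionality-level gap. The function names and the sample log are constructed for illustration.

```python
import re

# Constructed sample, in the format of the freshclam run quoted in Comment 3.
SAMPLE_LOG = """\
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.95.3 Recommended version: 0.96
main.cld updated (version: 52, sigs: 704727, f-level: 44, builder: sven)
WARNING: Incremental update failed, trying to download daily.cvd
daily.cvd updated (version: 10751, sigs: 52057, f-level: 51, builder: guitar)
WARNING: Current functionality level = 44, recommended = 51
Database updated (756784 signatures) from database.clamav.net
"""

VERSION_RE = re.compile(r"Local version: (\S+) Recommended version: (\S+)")
FLEVEL_RE = re.compile(r"Current functionality level = (\d+), recommended = (\d+)")
DB_RE = re.compile(r"^(\S+) updated \(version: (\d+), sigs: \d+, f-level: (\d+)")

def version_key(version):
    """Map '0.95.3' to (0, 95, 3) so versions compare numerically, not as text."""
    m = re.match(r"\d+(?:\.\d+)*", version)
    return tuple(int(p) for p in m.group(0).split(".")) if m else ()

def audit_freshclam(log, advisory_fixed="0.95.2"):
    """Return findings for one run; advisory_fixed is taken from Comment 1."""
    findings = []
    engine_flevel, db_flevels = None, {}
    for line in log.splitlines():
        if m := VERSION_RE.search(line):
            local, recommended = m.groups()
            if version_key(local) < version_key(recommended):
                findings.append(f"engine {local} older than recommended {recommended}")
            if version_key(local) < version_key(advisory_fixed):
                findings.append(f"engine {local} is below advisory fix {advisory_fixed}")
        elif m := FLEVEL_RE.search(line):
            engine_flevel, wanted = int(m.group(1)), int(m.group(2))
            if engine_flevel < wanted:
                findings.append(f"functionality level {engine_flevel} < {wanted}")
        elif m := DB_RE.search(line):
            db_flevels[m.group(1)] = int(m.group(3))
    # Flag databases whose printed f-level is above the engine's current level.
    for name, level in sorted(db_flevels.items()):
        if engine_flevel is not None and level > engine_flevel:
            findings.append(f"{name} has f-level {level}, engine is at {engine_flevel}")
    return findings

if __name__ == "__main__":
    for finding in audit_freshclam(SAMPLE_LOG):
        print(finding)
```
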
Comment 4 Mark Chappell 2010-09-15 03:45:50 EDT

*** This bug has been marked as a duplicate of bug 579370 ***
